The content discusses a significant SQL injection vulnerability (CVE-2025-66336) affecting Apache Doris MCP Server versions 0.1.0 through 0.6.0, which allows attackers to bypass authentication and access restricted database metadata. The flaw poses serious risks to data privacy and could lead to compliance violations if exploited. The vulnerability stems from a lack of input sanitization, which lets attackers manipulate database queries. Administrators are urged to upgrade to version 0.6.1 to patch this issue and maintain database security.
CVE-2025-66336 exposes Apache Doris MCP Server to data theft
Article by CyberSIXT